I recently had to inspect the SSL certificate of an e-mail provider (secure POP connection). Here is a quick HOWTO using the Google Mail website as an example.
Issue this command on a box with openssl:
openssl s_client -connect mail.google.com:443 > google
Then cancel the command with CTRL-C.
A base64 representation of the web site’s certificate will be included in the output you redirected to the google file.

To inspect the certificate with openssl, use this command:
openssl x509 -in google -text

Or convert it to a certificate in DER format and open it on a Windows box:
openssl x509 -in google -outform DER -out google.der
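
The steps above as one non-interactive script. This is an added example, not part of the original post; the function names, output file names and the script name certinfo.sh are made up for illustration. It closes stdin so s_client exits on its own, and keeps only the certificate block from the output.

```shell
#!/bin/sh
# Added example: the manual steps as a non-interactive script.
# Function names and output file names are illustrative choices.

# Keep only the first PEM certificate block from s_client output;
# the handshake details printed around it are dropped.
extract_pem() {
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' |
        sed '/^-----END CERTIFICATE-----$/q'
}

# fetch_cert HOST [PORT] [STARTTLS_PROTO]
# stdin comes from /dev/null, so s_client exits after the handshake
# and no CTRL-C is needed. -servername sends SNI so a shared host
# returns the certificate for HOST. Use "pop3" as the third argument
# for a plain POP3 port upgraded with STLS (for example port 110).
fetch_cert() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" \
        ${3:+-starttls} ${3:+"$3"} </dev/null 2>/dev/null | extract_pem
}

# inspect_cert HOST [PORT] [STARTTLS_PROTO]
# Saves HOST.pem, prints the fields worth checking first, and writes
# HOST.der for opening on a Windows box.
inspect_cert() {
    host=$1
    fetch_cert "$@" >"$host.pem"
    if [ ! -s "$host.pem" ]; then
        echo "no certificate received from $host" >&2
        return 1
    fi
    openssl x509 -in "$host.pem" -noout \
        -subject -issuer -dates -fingerprint -sha256
    openssl x509 -in "$host.pem" -outform DER -out "$host.der"
}

# Run only when arguments are given, e.g.: sh certinfo.sh mail.google.com 443
if [ "$#" -gt 0 ]; then
    inspect_cert "$@"
fi
```

Without -showcerts, s_client prints only the server's own certificate, so the saved file does not contain the intermediate chain.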

If you want to script this and avoid the ctrl-c action try this alternative invocation:
timeout --kill-after=10s 5s openssl s_client -connect example.com:443 > example
The timeout command is part of GNU coreutils so it should be available on any reasonably modern Linux distro.
Comment by Trey Darley — Tuesday 14 February 2012 @ 17:42
[...] one is pretty easy, and really straight forward (with the help of Didier Stevens’ quickpost) [...]
Pingback by Download & Install a SSL Cert into a Java keystore with keytool | put things down — Tuesday 20 March 2012 @ 22:47
@1: Redirecting /dev/null to stdin works just as well on posix systems, no need to involve gnuisms.
Comment by Henrik — Monday 13 May 2013 @ 13:03